CRITICAL🇵🇱 Wersja polska

CVE-2015-8969

CVSS 9.8v3.1pub. 2016-11-03upd. 2026-05-06

git-fastclone before 1.0.5 passes user modifiable strings directly to a shell command. An attacker can execute malicious commands by modifying the strings that are passed as arguments to "cd " and "git clone " commands in the library.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Squareup Git Fastclone

    APP
    Squareup
    < 1.0.5
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2015-8968HIGH8.8ten sam produkt

git-fastclone before 1.0.1 permits arbitrary shell command execution from .gitmodules. If an attacker can inst...

CVE-2018-1000844CRITICAL9.1ten sam vendor

Square Open Source Retrofit version Prior to commit 4a693c5aeeef2be6c7ecf80e7b5ec79f6ab59437 contains a XML Ex...

CVE-2018-1000850HIGH7.5ten sam vendor

Square Retrofit version versions from (including) 2.0 and 2.5.0 (excluding) contains a Directory Traversal vul...

CVE-2023-0833MEDIUM4.7ten sam vendor

A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information d...

CVE-2023-3782MEDIUM5.9ten sam vendor

DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an atta...